Vulnerability CVE-2020-25696: Information

Description

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: Nov. 24, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-183

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| postgresql10 | p10 | 10.15-alt1 | 10.23-alt1.p10.1 | ALT-PU-2020-3314-1 | 261833 | Fixed |
| postgresql10 | p9 | 10.15-alt2 | 10.23-alt0.M90P.1 | ALT-PU-2020-3459-1 | 262868 | Fixed |
| postgresql10 | p8 | 10.16-alt0.M80P.1 | 10.19-alt0.M80P.1 | ALT-PU-2021-1503-1 | 266728 | Fixed |
| postgresql10 | c10f1 | 10.15-alt1 | 10.23-alt1 | ALT-PU-2020-3314-1 | 261833 | Fixed |
| postgresql10 | c9f2 | 10.17-alt0.M90P.1 | 10.23-alt0.M90P.1 | ALT-PU-2021-1903-1 | 271832 | Fixed |
| postgresql11 | p10 | 11.10-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-3315-1 | 261833 | Fixed |
| postgresql11 | p9 | 11.10-alt2 | 11.22-alt0.M90P.1 | ALT-PU-2020-3460-1 | 262868 | Fixed |
| postgresql11 | p8 | 11.11-alt0.M80P.1 | 11.14-alt0.M80P.1 | ALT-PU-2021-1504-1 | 266728 | Fixed |
| postgresql11 | c10f1 | 11.10-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-3315-1 | 261833 | Fixed |
| postgresql11 | c9f2 | 11.12-alt0.M90P.1 | 11.22-alt0.M90P.1 | ALT-PU-2021-1904-1 | 271832 | Fixed |
| postgresql11-1C | p8 | 11.10-alt0.M80P.2 | 11.12-alt0.M80P.2 | ALT-PU-2021-1505-1 | 266728 | Fixed |
| postgresql12 | sisyphus | 12.5-alt1 | 12.19-alt3 | ALT-PU-2020-3316-1 | 261833 | Fixed |
| postgresql12 | p10 | 12.5-alt1 | 12.19-alt0.p10.1 | ALT-PU-2020-3316-1 | 261833 | Fixed |
| postgresql12 | p9 | 12.5-alt0.M90P.1 | 12.18-alt0.M90P.1 | ALT-PU-2020-3456-1 | 262868 | Fixed |
| postgresql12 | p8 | 12.6-alt0.M80P.1 | 12.9-alt0.M80P.1 | ALT-PU-2021-1506-1 | 266728 | Fixed |
| postgresql12 | c10f1 | 12.5-alt1 | 12.19-alt0.p10.1 | ALT-PU-2020-3316-1 | 261833 | Fixed |
| postgresql12 | c9f2 | 12.5-alt0.p9.1 | 12.18-alt0.c9f2.1 | ALT-PU-2020-3321-1 | 261873 | Fixed |
| postgresql13 | sisyphus | 13.1-alt1 | 13.15-alt3 | ALT-PU-2020-3311-1 | 261833 | Fixed |
| postgresql13 | p10 | 13.1-alt1 | 13.15-alt0.p10.1 | ALT-PU-2020-3311-1 | 261833 | Fixed |
| postgresql13 | c10f1 | 13.1-alt1 | 13.15-alt0.p10.1 | ALT-PU-2020-3311-1 | 261833 | Fixed |
| postgresql9.5 | p9 | 9.5.24-alt2 | 9.5.25-alt1 | ALT-PU-2020-3457-1 | 262868 | Fixed |
| postgresql9.5 | p8 | 9.5.25-alt0.M80P.1 | 9.5.25-alt0.M80P.1 | ALT-PU-2021-1501-1 | 266728 | Fixed |
| postgresql9.5 | c9f2 | 9.5.25-alt1 | 9.5.25-alt1 | ALT-PU-2021-1901-1 | 271832 | Fixed |
| postgresql9.5 | c7 | 9.5.9-alt0.M70C.2 | 9.5.9-alt0.M70C.1 | ALT-PU-2022-2732-1 | 306725 | Fixed |
| postgresql9.6 | p9 | 9.6.20-alt2 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-3458-1 | 262868 | Fixed |
| postgresql9.6 | p8 | 9.6.21-alt0.M80P.1 | 9.6.24-alt0.M80P.1 | ALT-PU-2021-1502-1 | 266728 | Fixed |
| postgresql9.6 | c9f2 | 9.6.20-alt1 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-3320-1 | 261872 | Fixed |

References to Advisories, Solutions, and Tools

    Configuration 1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 9.6.0, end excluding 9.6.20

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 10.0, end excluding 10.15

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 11.0, end excluding 11.10

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 12.0, end excluding 12.5

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 13.0, end excluding 13.1

      cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
      Start including 9.5.0, end excluding 9.5.24

    Configuration 2

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*